Re: [Exim] [ Exim 3.36 ] SMTP AUTH hacked ?

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MNico Erfurth at <-
M\Nico Erfurth at ->
Delete this message
Reply to this message
Author: Georges Arnould
Date:  
To: Nico Erfurth
CC: exim-users
Subject: Re: [Exim] [ Exim 3.36 ] SMTP AUTH hacked ?
> I bet your authenticator config is broken, if it can't lookup the
> username it will accept anything as password, try it yourself.
> Show use your auth-config, and we can help you.

Here it is ... It has never changed for a year ... And someone managed to
pass through yesterday. I wonder if my config. is broken ... But I would
enjoy it is (meaning no recompil, no reinstall, etc.) ...

Thank's for your appreciated help !

Georges 


fixed_login:
       driver = plaintext
       public_name = LOGIN
       server_condition = "${if eq
{${lookup{$1}lsearch{/usr/local/exim/etc/trusted_users}{$value}}} {$2} {yes}
{no}}"
       server_set_id = $1
       server_prompts = "Username:: : Password::"





This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [Exim] exim as relay for latest sendmail bug?Re: [Exim] exim as relay for latest sendmail bug?->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)